Several security vulnerabilities
Bug #226009 reported by
Bryan Donlan
This bug report is a duplicate of:
Bug #217128: CVE-2008-1382: libpng zero-length chunks incorrect handling.
Edit
Remove
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libpng (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Dapper |
Confirmed
|
Undecided
|
Unassigned | ||
Feisty |
Confirmed
|
Undecided
|
Unassigned | ||
Gutsy |
Confirmed
|
Undecided
|
Unassigned | ||
Hardy |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
libpng 1.2.27 fixes a number of CVEs including:
* 2006-3334
* 2007-2445
* 2007-5266
* 2007-5267
* 2007-5268
* 2007-5269
* 2008-1382
These are crash bugs. I don't know if they can be used for code execution.
I believe that these bugs justify a stable release update.
This package has already been imported into intrepid.
CVE References
To post a comment you must log in.
Marked non-private as LP#185178 disclosed this months ago, but mixed in a APNG patch that made it inappropriate during freeze.